Elasticsearch: Difference between revisions

From Halfface
Jump to navigationJump to search
← Older edit
 
(18 intermediate revisions by the same user not shown)
Line 8: Line 8:
  login <username>
  login <username>
  password <password>
  password <password>
 
=count entries in index=
=count entries in indicies=
  GET /<indicie>/_count
  GET /<indicie>/_count
=get latest content from indicies.=
=get latest content from indicies.=
GET /<indicie>/_search
<pre>
{
curl -n -sk -X GET "https://localhost:9200/<index>/_search" -H 'Content-Type: application/json' -d '{
  "size": 1,
  "size": 1,
  "sort": [
  "sort": [
    { "@timestamp": { "order": "desc" } }
    { "@timestamp": { "order": "desc" } }
  ]
  ]
}
}'
 
</pre>


=Stats of elasticsearch=
=Stats of elasticsearch=
curl -n -sk -X GET "https://localhost:9200/_nodes/stats/jvm?pretty"
<pre>
curl -n -sk -X GET "https://localhost:9200/_nodes/stats/jvm?pretty"
</pre>
=Who is master=
=Who is master=
curl -n -sk -X GET "https://localhost:9200/_cat/master?v"
<pre>
curl -n -sk -X GET "https://localhost:9200/_cat/master?v"
</pre>
=Are we recovering=
=Are we recovering=
curl -n -sk -X GET "https://localhost:9200/_cat/recovery?active_only=true"
<pre>
curl -n -sk -X GET "https://localhost:9200/_cat/recovery?active_only=true"
</pre>
=List indicies by size=
=List indicies by size=
curl -n -sk -X GET "https://localhost:9200/_cat/indices?v&bytes=b&s=store.size:desc"
<pre>
curl -n -sk -X GET "https://localhost:9200/_cat/indices?v&bytes=b&s=store.size:desc"
</pre>
=list shards by size=
<pre>
curl -skn "https://localhost:9200/_cat/shards?h=index,shard,prirep,store,ip,node&bytes=b&s=store:desc"
</pre>
 
=View 5 log entries from biggest indicie=  
=View 5 log entries from biggest indicie=  
curl -n -X GET "https://localhost:9200/<indicie>/_search?size=5&pretty"
<pre>
 
curl -n -X GET "https://localhost:9200/<indicie>/_search?size=5&pretty"
</pre>
=Search for a string of a log entry in the biggest indicie.=
=Search for a string of a log entry in the biggest indicie.=
curl -n -X GET "https://localhost:9200/.ds-logs-system.syslog-default-2022.08.22-000006/_search?pretty" -H 'Content-Type: application/json' -d'{
<pre>
  "query": {
curl -n -X GET "https://localhost:9200/.ds-logs-system.syslog-default-2022.08.22-000006/_search?pretty" -H 'Content-Type: application/json' -d'{
    "match": {
  "query": {
      "message": "<string>"
    "match": {
    }
      "message": "<string>"
  }
    }
}' | jq -r .hits.hits[]._source.message
  }
}' | jq -r .hits.hits[]._source.message
</pre>
=list snapshot setup=
=list snapshot setup=
curl -n -sk -X GET "https://localhost:9200/_cat/indices?v&bytes=b&s=store.size:desc"
<pre>
curl -n -sk -X GET "https://localhost:9200/_snapshot?pretty"
</pre>
=Look at snapshots=
<pre>
curl -n -sk -X GET "https://localhost:9200/_snapshot/elastic_snapshots_repo/_all?pretty" | jq -r '.snapshots | sort_by(.end_time)[] | .snapshot'
</pre>
=List indices inside snapshot=
<pre>
curl -n -sk -X GET "https://localhost:9200/_snapshot/elastic_snapshots_repo/daily-snapshots-2025.09.10-ctbhwxs5r4yl4okmthrilq?pretty" | jq -r '.snapshots[].indices | sort[]'
</pre>
=restore index=
<pre>
curl -n -sk -X POST "https://localhost:9200/_snapshot/elastic_snapshots_repo/<snapshot_name>/_restore" -H 'Content-Type: application/json' -d '{
  "indices": "<index_to_restore>",
  "ignore_unavailable": true,
  "include_global_state": false
}'
</pre>
=look at status of recover=
<pre>
curl -n -sk -X GET "https://localhost:9200/_cat/recovery?v&h=index,shard,stage,source_host,target_host,total,recovered,percent,recovery_type&bytes=b"
</pre>
=Remove all indices=
<pre>
curl -n -sk -X GET "https://localhost:9200/_cat/indices?h=index&s=store.size:desc" | while read INDEX ; do echo '*' "${INDEX}" ; echo curl -n -sk -X DELETE "https://localhost:9200/${INDEX}" ; done
</pre>
=Delete empty indices=
<pre>
# Delete empty indices
curl -skn "https://localhost:9200/_cat/indices?h=index,docs.count" | awk '$2 == 0 {print $1}' | while read idx; do
  curl -skn -X DELETE "https://localhost:9200/$idx"
done
</pre>
 
=count shards=
curl -snk "https://localhost:9200/_cat/shards?v" | wc -l

Latest revision as of 09:25, 20 October 2025

what does it mean

cdm                 Continuous Diagnostics Mitigation
cdm                 client data master

Add password to .netrc and use curl -n to use creds

~/.netrc 
machine localhost
login <username>
password <password>

count entries in index

GET /<indicie>/_count

get latest content from indicies.

curl -n -sk -X GET "https://localhost:9200/<index>/_search" -H 'Content-Type: application/json' -d '{
  "size": 1,
  "sort": [
    { "@timestamp": { "order": "desc" } }
  ]
}'

Stats of elasticsearch

curl -n -sk -X GET "https://localhost:9200/_nodes/stats/jvm?pretty"

Who is master

curl -n -sk -X GET "https://localhost:9200/_cat/master?v"

Are we recovering

curl -n -sk -X GET "https://localhost:9200/_cat/recovery?active_only=true"

List indicies by size

curl -n -sk -X GET "https://localhost:9200/_cat/indices?v&bytes=b&s=store.size:desc"

list shards by size

curl -skn "https://localhost:9200/_cat/shards?h=index,shard,prirep,store,ip,node&bytes=b&s=store:desc"

View 5 log entries from biggest indicie

curl -n -X GET "https://localhost:9200/<indicie>/_search?size=5&pretty"

Search for a string of a log entry in the biggest indicie.

curl -n -X GET "https://localhost:9200/.ds-logs-system.syslog-default-2022.08.22-000006/_search?pretty" -H 'Content-Type: application/json' -d'{
  "query": {
    "match": {
      "message": "<string>"
    }
  }
}' | jq -r .hits.hits[]._source.message

list snapshot setup

curl -n -sk -X GET "https://localhost:9200/_snapshot?pretty"

Look at snapshots

curl -n -sk -X GET "https://localhost:9200/_snapshot/elastic_snapshots_repo/_all?pretty" | jq -r '.snapshots | sort_by(.end_time)[] | .snapshot'

List indices inside snapshot

curl -n -sk -X GET "https://localhost:9200/_snapshot/elastic_snapshots_repo/daily-snapshots-2025.09.10-ctbhwxs5r4yl4okmthrilq?pretty" | jq -r '.snapshots[].indices | sort[]'

restore index

curl -n -sk -X POST "https://localhost:9200/_snapshot/elastic_snapshots_repo/<snapshot_name>/_restore" -H 'Content-Type: application/json' -d '{
  "indices": "<index_to_restore>",
  "ignore_unavailable": true,
  "include_global_state": false
}'

look at status of recover

curl -n -sk -X GET "https://localhost:9200/_cat/recovery?v&h=index,shard,stage,source_host,target_host,total,recovered,percent,recovery_type&bytes=b"

Remove all indices

curl -n -sk -X GET "https://localhost:9200/_cat/indices?h=index&s=store.size:desc" | while read INDEX ; do echo '*' "${INDEX}" ; echo curl -n -sk -X DELETE "https://localhost:9200/${INDEX}" ; done

Delete empty indices

# Delete empty indices
curl -skn "https://localhost:9200/_cat/indices?h=index,docs.count" | awk '$2 == 0 {print $1}' | while read idx; do
  curl -skn -X DELETE "https://localhost:9200/$idx"
done

count shards

curl -snk "https://localhost:9200/_cat/shards?v" | wc -l
Retrieved from "https://halfface.se/wiki/index.php?title=Elasticsearch&oldid=16356"